> ## Documentation Index > Fetch the complete documentation index at: https://www.c1.ai/docs/llms.txt > Use this file to discover all available pages before exploring further. # Search Trusts > SearchTrusts searches trusts across all service principals with optional filters. Used by the admin providers page to list trusts referencing a provider. ## OpenAPI ````yaml https://spec.speakeasy.com/conductor-one/conductorone/my-source-with-code-samples post /api/v1/search/workload_federation_trusts openapi: 3.1.0 info: description: The C1 API is a HTTP API for managing C1 resources. title: C1 API version: 0.1.0-alpha servers: - description: The C1 API server for the current tenant. url: https://{tenantDomain}.conductor.one variables: tenantDomain: default: example description: The domain of the tenant to use for this request. security: - bearerAuth: [] oauth: [] paths: /api/v1/search/workload_federation_trusts: post: tags: - Workload Federation summary: Search Trusts description: >- SearchTrusts searches trusts across all service principals with optional filters. Used by the admin providers page to list trusts referencing a provider. operationId: c1.api.workload_federation.v1.WorkloadFederationService.SearchTrusts requestBody: content: application/json: schema: $ref: >- #/components/schemas/c1.api.workload_federation.v1.WorkloadFederationServiceSearchTrustsRequest responses: '200': content: application/json: schema: $ref: >- #/components/schemas/c1.api.workload_federation.v1.WorkloadFederationServiceSearchTrustsResponse description: Successful response x-codeSamples: - lang: go label: SearchTrusts source: "package main\n\nimport(\n\t\"context\"\n\t\"github.com/conductorone/conductorone-sdk-go/pkg/models/shared\"\n\tconductoronesdkgo \"github.com/conductorone/conductorone-sdk-go\"\n\t\"log\"\n)\n\nfunc main() {\n ctx := context.Background()\n\n s := conductoronesdkgo.New(\n conductoronesdkgo.WithSecurity(shared.Security{\n BearerAuth: \"\",\n Oauth: \"\",\n }),\n )\n\n res, err := s.WorkloadFederation.SearchTrusts(ctx, nil)\n if err != nil {\n log.Fatal(err)\n }\n if res.WorkloadFederationServiceSearchTrustsResponse != nil {\n // handle response\n }\n}" - lang: typescript label: Typescript (SDK) source: >- import { ConductoroneSDKTypescript } from "conductorone-sdk-typescript"; const conductoroneSDKTypescript = new ConductoroneSDKTypescript({ security: { bearerAuth: "", oauth: "", }, }); async function run() { const result = await conductoroneSDKTypescript.workloadFederation.searchTrusts(); console.log(result); } run(); components: schemas: c1.api.workload_federation.v1.WorkloadFederationServiceSearchTrustsRequest: description: The WorkloadFederationServiceSearchTrustsRequest message. properties: pageSize: description: The pageSize field. format: int32 readOnly: false type: integer pageToken: description: The pageToken field. readOnly: false type: string providerId: description: 'Optional: filter trusts by provider ID.' readOnly: false type: string query: description: 'Optional: full-text search on trust display name and description.' readOnly: false type: string servicePrincipalId: description: 'Optional: filter trusts by service principal ID.' readOnly: false type: string title: Workload Federation Service Search Trusts Request type: object x-speakeasy-name-override: WorkloadFederationServiceSearchTrustsRequest c1.api.workload_federation.v1.WorkloadFederationServiceSearchTrustsResponse: description: The WorkloadFederationServiceSearchTrustsResponse message. properties: list: description: The list field. items: $ref: >- #/components/schemas/c1.api.workload_federation.v1.WorkloadFederationTrust nullable: true readOnly: false type: array nextPageToken: description: The nextPageToken field. readOnly: false type: string title: Workload Federation Service Search Trusts Response type: object x-speakeasy-name-override: WorkloadFederationServiceSearchTrustsResponse c1.api.workload_federation.v1.WorkloadFederationTrust: description: |- WorkloadFederationTrust represents a per-SP trust policy that references a tenant-level provider and defines a CEL condition for claim matching. properties: allowSourceCidrs: description: IP allowlist for token exchange requests matching this trust. items: type: string nullable: true readOnly: false type: array clientId: description: >- The full client ID of the trust (e.g., "clever-fox-42195@acme.conductorone.com/wfe"). Used as the client_id parameter in RFC 8693 token exchange requests. readOnly: true type: string conditionExpression: description: |- CEL expression evaluated against JWT claims. Must return bool. Example: claims.sub.startsWith("repo:acme/infra:") && claims.environment == "production" readOnly: false type: string createdAt: format: date-time readOnly: true type: string description: description: A description of what this trust policy matches. readOnly: false type: string disabled: description: Whether the trust is disabled. readOnly: false type: boolean displayName: description: The display name of the trust. readOnly: false type: string passthroughClaims: description: >- JWT claim names from the subject token to copy into the issued C1 token. Values are placed in the "c1wfc" claim as a map[string]string. Only string-valued claims are copied; non-string claims are silently skipped. Example: ["repository", "repository_owner", "job_workflow_ref"] items: type: string nullable: true readOnly: false type: array providerId: description: The provider ID this trust references. Immutable after creation. readOnly: true type: string scopedRoleIds: description: >- Scoped role IDs. Effective permissions = min(SP roles, trust.scoped_role_ids). items: type: string nullable: true readOnly: false type: array servicePrincipalId: description: The service principal user ID this trust belongs to. readOnly: true type: string updatedAt: format: date-time readOnly: true type: string title: Workload Federation Trust type: object x-speakeasy-name-override: WorkloadFederationTrust securitySchemes: bearerAuth: scheme: bearer type: http oauth: description: >- This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the [c1TokenSource.Token()](https://github.com/ConductorOne/conductorone-sdk-go/blob/3375fe7c0126d17e7ec4e711693dee7b791023aa/token_source.go#L101-L187) function. flows: clientCredentials: scopes: {} tokenUrl: /auth/v1/token type: oauth2 ````